ckfinder / ckfinder-laravel-package

CKFinder 3 package for Laravel
157 stars 89 forks

InvalidCsrfTokenException #19

Open Yahav opened 5 years ago

Yahav commented 5 years ago

When trying to upload files/create directories I'm getting an Invalid request error. Upon debugging I see that the following exception is thrown: InvalidCsrfTokenException. I've disabled Laravel's CSRF protection for the following URLs: 'ckfinder/*'.

So this is CKFinder's CSRF protection's fault. The request itself does seem to have the following POST data: ckCsrfToken: 5SOFU7Hrnpbzwy7LT32qFp998sqFQagkAwZsA08d. The request also seems to have a cookie with the same name and the same value.

Any ideas how to deal with this without disabling CKFinder's CSRF protection entirely?

Yahav commented 5 years ago

Upon further inspection, the validate method of DoubleSubmitCookieTokenValidator doesn't seem to get the CSRF token cookie value: when dumping $request->cookies from within the validate method there is no ckCsrfToken item.

Yahav commented 5 years ago

OK, found the solution. I have no idea how this package has worked for anyone, but I guess most just disable the CSRF protection. The problem was that Laravel by default encrypts cookies before storing them and decrypts them when receiving them, and since CKFinder doesn't encrypt the cookie, Laravel is not able to decrypt it and so it's set to null.

The solution for this is to add the cookie name (ckCsrfToken) to the $except property of the EncryptCookies middleware (app/Http/Middleware/EncryptCookies.php). You should also disable Laravel's CSRF protection for the CKFinder path; this can be done by adding ckfinder/* to the $except property of the VerifyCsrfToken middleware (app/Http/Middleware/VerifyCsrfToken.php).

This should probably be mentioned in the README.
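
The two middleware changes described in the comment above, written out as an added example (this is not code from the ckfinder-laravel-package project or from the commenter). It assumes the default Laravel application skeleton, where both classes already exist under app/Http/Middleware with an empty $except array; the cookie name ckCsrfToken and the path pattern ckfinder/* are the ones given in the thread. The two files are shown one after the other, separated by comments.

```php
<?php
// ---- app/Http/Middleware/EncryptCookies.php ----
// Added example; assumes the stock Laravel EncryptCookies middleware class.

namespace App\Http\Middleware;

use Illuminate\Cookie\Middleware\EncryptCookies as Middleware;

class EncryptCookies extends Middleware
{
    /**
     * The names of the cookies that should not be encrypted.
     *
     * CKFinder sets the ckCsrfToken cookie itself, unencrypted, and its
     * DoubleSubmitCookieTokenValidator compares that cookie with the
     * ckCsrfToken POST field. If Laravel tries to decrypt a cookie it never
     * encrypted, the decrypted value is null and the comparison fails with
     * InvalidCsrfTokenException. The token is a random nonce bound to the
     * browser session, not a secret, so leaving it unencrypted is acceptable.
     *
     * @var array
     */
    protected $except = [
        'ckCsrfToken',
    ];
}

// ---- app/Http/Middleware/VerifyCsrfToken.php ----
// Added example; assumes the stock Laravel VerifyCsrfToken middleware class.

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    /**
     * The URIs that should be excluded from Laravel's CSRF verification.
     *
     * CKFinder's connector never receives Laravel's _token field, so the
     * framework check would reject every upload. The exclusion is kept as
     * narrow as possible (only the connector path); those requests are still
     * protected by CKFinder's own double-submit cookie check above.
     *
     * @var array
     */
    protected $except = [
        'ckfinder/*',
    ];
}
```

After applying both changes, the quick way to confirm the fix is the same one the commenter used: dump $request->cookies inside the validate method and check that ckCsrfToken is now present with the same value as the POST field. If the pattern in VerifyCsrfToken is widened beyond the connector path, the excluded routes lose Laravel's CSRF protection without gaining CKFinder's, so keep it limited to the connector.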

fri3ndly commented 5 years ago

Thanks, I've been having the same issue.

svkmedia commented 5 years ago

@Yahav thank you, your solution works.

Radvers commented 4 years ago

@Yahav thanks for the solution.

zaak commented 4 years ago

Thank you for your effort in debugging this @Yahav. Appropriate info has been added to the README.